For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Khalid_A's avatar
Khalid_A
Icon for Nimbostratus rankNimbostratus
Mar 05, 2018

Creating JWS session tables

Hi,   We're implementing API authentication/authorization based on JWT. The API and authorization server are all behind F5. We've been asked just to store the JWS sent back from the authorization ...
application delivery
BIG-IP Access Policy Manager (APM)
LTM
Khalid_A's avatar
Khalid_A
Icon for Nimbostratus rankNimbostratus
Mar 07, 2018

OK. That's clear. As soon as I get a pcap of the flow I can start building the iRule. If the Hash is considered secure then using the original token is a great idea.

 

What about performance impact? How far can this scale on a BIG-IP 2000 platform if I will store the entire JWT (internal) and it's hash (external) in the table?